CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,536 vulnerabilities with CWE-94
CVE-2015-1501
SolarWinds Server and Application Monitor - Remote Code Execution via UNC Path in TSUnicodeGraphEditorControl
CVE-2015-1497
Persistent Systems Radia Client Automation <9.1 - RCE
CVE-2015-1311
SAP HANA Extended Application Services - Remote Code Execution via ABAP Code Injection
CVE-2015-0925
iPass Open Mobile < 2.4.4 - Authenticated Remote Code Execution via DLL Pathname in Unicode String
CVE-2015-1059
AdaptCMS 3.0.3 - Authenticated Remote Code Execution via File Upload
CVE-2014-5401 CRITICAL
Hospira MedNet < 5.8 - Unauthenticated Remote Code Execution via JBoss Enterprise Application Platform
CVSS 9.8
CVE-2014-2302 CRITICAL
webEdition CMS <6.2.7-s1, <6.3.x - Code Injection
CVSS 9.8
CVE-2014-10065 MEDIUM
remarkable < 1.4.1 - Cross-Site Scripting via JavaScript URL Injection
CVSS 6.1
CVE-2014-2293 CRITICAL
Zikula Application Framework <1.3.7 build 11 - Code Injection
CVSS 9.8
CVE-2014-4000 HIGH
Cacti < 1.0.0 - Authenticated PHP Object Injection via Unserialize
CVSS 8.8
CVE-2014-9463 HIGH
vbseo - Authenticated Remote Code Execution via HTTP Referer Header
CVSS 8.8
CVE-2014-8677 MEDIUM
soplanning < 1.32 - Authenticated Remote Code Execution via Crafted Database Name
CVSS 5.3
CVE-2014-8872 HIGH
AVM FRITZ!Box - Cryptographic Signature Verification
CVSS 7.8
CVE-2014-3927 CRITICAL
mrlg4php < 1.0.7 - Remote Code Execution via mrlg-lib.php
CVSS 9.8
CVE-2014-3582 CRITICAL
Apache Ambari 1.2.0-2.2.2 - OS Command Injection via SSL Certificate Generation
CVSS 9.8
CVE-2014-8778
Checkmarx CxSAST <7.1.8 - Auth Bypass
CVE-2014-2331
Check_MK <1.2.3i5 - Authenticated RCE
CVE-2014-2027
eGroupware <1.8.006.20140217 - Code Injection
CVE-2014-0603
Attachmate Reflection FTP Client < 14.1.420 - Remote Code Execution via rftpcom.dll ActiveX Control
CVE-2014-8636
Firefox < 34.0.5 and SeaMonkey < 2.31 - Remote Code Execution via XrayWrapper DOM Interaction
CVE-2014-9567
ProjectSend r100-r561 - Unauthenticated Arbitrary File Upload and Remote Code Execution via process-upload.php
CVE-2014-9521
InfiniteWP Admin Panel <2.4.4 - RCE
CVE-2014-2208
Facebook HHVM <2.4.2 - Command Injection
CVE-2014-6119
IBM Security AppScan Enterprise 8.5-9.0.1 - Remote Code Execution via Crafted Executable in Archive
CVE-2014-9185
Morfy CMS < 1.04 - Authenticated Static Code Injection via install.php site_url Parameter